FaceID: convenience and security

Convenience

In one of the most-watched reviews of the iPhone X, Marques Brownlee showed in a side-by-side comparison that the new FaceID is still slower than TouchID, but that it will get better with software improvements. I think that in most cases FaceID is faster: by tapping the screen or pressing the power button to unlock your iPhone, you are adding a step you don’t need. If you simply pick up the phone, swiping up already unlocks it. Definitely faster than TouchID.
But what is even more important, FaceID represents a milestone in the history of biometric authentication: it is the first time this process is done seamlessly, without even thinking about it. Even Brownlee admits that “facial recognition on a phone is closer to secure, seamless authentication than a separate fingerprint reader will ever be”.
After using FaceID to unlock my phone for more than two weeks, I can feel that it works so well that it becomes easy to forget that the authentication actually happens. The closest thing to this feeling is the Apple Watch authentication model: once you put it on your wrist and unlock it, it stays unlocked as long as it detects wrist contact, so it is easy to forget that you are authenticated and you can receive notifications on it. The fact that FaceID authentication is now tied to something you do with the phone anyway (that is, looking at it) makes the experience feel close to magic.

This experience can be described as ‘continuous authentication’ (Rich Mogull’s term): you no longer have to make a conscious gesture in order to authenticate (e.g. type a PIN or put your finger on the TouchID sensor); by simply looking at the phone you are already authenticated. Strictly speaking, FaceID still verifies your face at discrete moments (each unlock, each app or Safari prompt), but because those checks are triggered by something you are already doing, the effect is that authentication feels continuous. Some examples:
– expand notifications and show the Control Center on the lock screen
– apps using FaceID for authentication, like LastPass: after opening them you are already authenticated, without typing a password or touching a sensor
– Safari auto-filling saved passwords

Face ID is the most compelling advancement in security I have seen in a very long time. It’s game-changing not merely due to the raw technology, but also because of Apple’s design and implementation. […] The real Face ID revolution: since you’re almost always looking at your iPhone while you’re using it, Face ID enables what I call “continuous authentication.”
Rich Mogull: Face ID’s Innovation: Continuous Authentication

Security

I described above the convenience of using FaceID and how it slowly moves us to a new era where we no longer notice that we are using biometric authentication. But how secure is it?
Before we dive into the main security concerns, it is worth noting that before TouchID (a mere 4 years ago) most of us did not use a passcode on our smartphones. “Before Touch ID, about half of our users had a passcode set. Now, 9 out of 10 do.” (WWDC, June 2016). With the introduction of TouchID and now FaceID, far more people get the security benefits of a passcode. Note that the passcode remains the root credential: biometrics only unlock the phone after the passcode has been entered once since boot, and the passcode is always accepted as a fallback, so the convenience of FaceID is no excuse for a weak one.

Here are the main concerns related to FaceID:

– accidental in-app purchase or download, or accidental use of Apple Pay: effectively ruled out, because you have to double-click the power button to confirm your intent before FaceID is even consulted for an App Store download or a purchase
– false accept rate (a security concern) and false reject rate (a convenience concern): Apple puts the chance of a random person unlocking your phone with their face at about 1 in 1,000,000, versus 1 in 50,000 for TouchID, with the caveat that the odds are worse for identical twins and for children under 13, whose faces are still developing
– somebody clones your face: still possible, and a valid concern if you have a high profile. But FaceID is more secure than TouchID: because it matches against an infrared depth map of the face (a photo or video is not enough), fabricating a working 3D mask is arguably more complicated than fabricating a 3D finger
– law enforcement forces you to unlock your iPhone using your face: the security level here is the same as for TouchID. If you are concerned about this aspect, simply don’t use FaceID/TouchID and rely on a strong passcode instead. If you are just a little bit concerned, know that holding the power button and one of the volume buttons together (‘squeezing’ your iPhone) immediately disables FaceID, so the passcode is required for the next unlock
– somebody unlocks your phone while you are asleep: ‘Require Attention for Face ID’ (on by default) only unlocks when your eyes are open and looking at the phone. But if you are concerned about this, you have bigger issues than the security of your smartphone 🙂
More about these concerns here: Face ID, Touch ID, No ID, PINs and Pragmatic Security

The only valid concern for me is the following: a thief steals your iPhone, makes you look at it to unlock it, then runs away with the unlocked phone.
In this scenario FaceID is actually worse than TouchID, because it requires no physical contact between you and the thief. Today the only remedy is Find My iPhone: put the phone in Lost Mode or remotely erase it, but this takes time, during which valuable data can be extracted from the unlocked phone. Two things limit the damage: the auto-lock timeout (keep it short), and the fact that Apple Pay and apps that ask for FaceID again still need a fresh match with your attention, so the thief gets what is already open and whatever does not re-authenticate, not your wallet. A better solution would be to immediately lock the iPhone from your Apple Watch.

Conclusions

There is always a trade-off between security and convenience. Sometimes compromises need to be made: security requires pragmatism. But FaceID has just shown how most security concerns can be addressed while still providing a seamless user experience. With time, and with software and hardware updates, it will get even better, and we will see FaceID on other computing devices like tablets or laptops.
And from there it is easy to imagine a keyless future. How long until you unlock your car by looking at it? Or unlock your house by simply approaching the door and disarm the alarm system by stepping into the hallway?
FaceID is not only an important milestone for biometric authentication; it has the potential to change the way we interact with technology forever.